ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohit Rai Malhotra (JIRA)" <j...@apache.org>
Subject [jira] [Created] (RANGER-1911) Disable weak ciphers and protocols from Ranger
Date Tue, 28 Nov 2017 15:18:00 GMT
Rohit Rai Malhotra created RANGER-1911:
------------------------------------------

             Summary: Disable weak ciphers and protocols from Ranger
                 Key: RANGER-1911
                 URL: https://issues.apache.org/jira/browse/RANGER-1911
             Project: Ranger
          Issue Type: Bug
          Components: Ranger
    Affects Versions: 0.7.0
            Reporter: Rohit Rai Malhotra
            Priority: Minor


List of weak ciphers and protocols by default:

Vulnerable connection combinations :

SSL/TLS version : TLSv1.2
Cipher suite : TLS1_DHE_RSA_WITH_AES_128_CBC_SHA256
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.2
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.2
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.1
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Diffie-Hellman MODP size (bits) : 1024
Warning - This is a known static Oakley Group2 modulus. This may make
the remote host more vulnerable to the Logjam attack.
Logjam attack difficulty : Hard (would require nation-state resources)

Here is the list of medium strength SSL ciphers supported by the remote server :

Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)

DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1

The fields above are :
{OpenSSL ciphername}
Kx={key exchange}
Au={authentication}
Enc={symmetric encryption method}
Mac={message authentication code} {export flag}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message